PRISM - Is Not What You Think (Illustrated)

Originally posted by jimmyx
...all code is basically about the "on/off gates"...anything that is written, can be read. mind-numbing tedious line code search replaced by
algorithms. there are "codeheads" out there that live and breathe this stuff. encryption is seconds new and minutes old.....my cliché list

Yea, I'm one of them.

It's not just on or off, 1 or 0... there's a bit more to it. How are those ons and offs, 1's and 0's arranged? In what order? How is that order
defined? Is it completely random, with a formula determining the random order or is it a well-defined order?

Encryption is a science in itself that involves math more than anything else. There's no silver bullet to decrypting things, and no book with a list
of instructions on how to break encryption unless it's already been done.

Where are you getting that they need a warrant to get at encrypted traffic only? They need a warrant to make the snooping legal so it's actionable in
a court. But I think I understand what you're saying, (it really depends on the type of traffic though) if the FBI wants to read your emails then they
can simply go to your Mail host and get whatever they have on the server and ongoing emails copied, Facebook, Google for your searches and traffic
patterns, Verisign for cell records.

But it sounded like you're saying they (US Intelligence) are sniffing and storing all your data and THEN, if the unencrypted data flags something, they
go back and get a warrant and then can read all your old encrypted packets. That is a whole different ball game and I don't think that's what
happens. Not in my experience.

Also, read what Snowden said, he never talked about Prism like you're talking about. He was talking about collecting data from Endpoints i.e. Cell
phone, email, application providers. Where your data is stored. He never talked about mass culling of data from tier one providers. If he did I
didn't see that.

What you're talking about is when it was released that the US was snooping on pipes that are on the perimeter of the US data grid after 911 and I'm
sure that is going on. Those are not just Internet traffic, they are also phone calls....

This whole thing is very complicated. If you don't understand the technology it's easy to fool ignorant people. It is NOT fair to say that the
US Government is looking at all Mr and Mrs Joe Blows US citizens' packets and looking for key words. That is not true. Nothing points to that.

V

edit on 6/17/2013 by Variable because: typos

Your second paragraph is correct. The Narus deep packet inspection is basically flagging chunks of packets that it correlates based on things that
they tell it to look for, but they still capture everything. At the other end of the firehose of data coming from all of the different data exchange
points, they only look for the packets or chunks of data that have the flag and don't really pay attention to the rest, it's just noise. They still
record it because there might be encrypted packets or other data that they need later. But at that point, they've already invaded your privacy.

Once the flagged data comes through, it is usually presented immediately to an NSA analyst who can take the flagged data and look at its context to
see if you are joking about something, seriously planning something, or already did something and are bragging about it. There is no warrant involved
at this point, yet someone is looking at your data, private and all. If the analyst believes there is reason to suspect you for any other activity,
they will get the FISA warrant to dig further, and in case they find something, they have to already have obtained the warrant for them to go to a
regular / Federal court and say that they followed due process, otherwise no matter what you did, it will likely be thrown out on the technicality.

The other option, is that they can get the warrant on probable cause, and if you have your data encrypted on your hard drive, and you don't give up
the password for it, they can hold you indefinitely until you do. (there's another post on ATS about this)

Either way, they are invading your privacy and snooping on you before they get the warrant. Otherwise, they have no evidence to get the warrant in the
first place because they have to present probable cause to the FISA court, meaning, that they have already found something, some bit of data that was
flagged, to give them the impression that you are doing something wrong.

Most fascinating. Thanks for supplying this easy to understand information. I have a question however. Do you know how the NSA was allowed to
install their secret "rooms" where a portion of the data is syphoned into? Why did Google, for example, allow NSA to attach a box to their system
and agree to keep quiet about it?

The Government leases the telecommunications lines from companies like ATT, where ATT "blocks" off an entire portion of the network exclusively for
government use. Normally, the Feds use the networks to do voice conferences and secure phone calls, secure communications, so they have private rooms
that nobody can gain access to.

It doesn't happen at Google, and nobody accesses their lines directly. The way the rooms for the NSA got set up was through the TIA during the Bush
administration. It allowed for the rooms to be set up by the NSA, and by the time people realized that their rights were being trampled on, they
"shut down" the program, but never removed any of the equipment, and then later re-coined the TIA to something else to resurrect it. In typical
government fashion, they buried things in bureaucracy, making it very hard to figure out how this happened. Look into the TIA a bit and you'll see
how they were able to build the rooms.

I'd be interested in hearing where you think my technical points were misleading, I might be able to clarify or correct if I didn't convey them
properly, it definitely isn't from a lack of knowledge or understanding; sometimes it's just difficult to explain it in a non-technical way.

I could talk about the standard RSA provider, and the differences between TripleDES and AES encryption, why the length of passwords and private keys
matter, how public and private keys work, Vernam encryption, one-way hashes and salts... but I'd probably lose a majority of the readers.

Instead, they try to look for the key identifiers in the traffic, narrow it down to a specific place, such as an email that was sent through Google,
and then get a warrant with "probable cause" to request that Google provide them with every piece of data that they want on that individual since
Google owns the private encryption key used, which is what they actually need the warrant for. Only Google can decrypt their secure traffic.

Most systems use a combination of public-key and symmetric key encryption. When two computers initiate a secure session, one computer creates a
symmetric key and sends it to the other computer using public-key encryption. The symmetric key is discarded once the conversation completes, so tell
us again how the message is decrypted?

I apologize if I wasn't clear enough, however I don't think you fully understand how an RSA provider works, and should present proof of your
argument before you flat out claim that I'm incorrect.

It's the private key that is the prime factor in RSA encryption, and without knowing that factoring logic that results in the encryption of the
message being sent, there is no way to decrypt the message.

Let's say I (server) want to send you (client) a message that is encrypted. I have a public key and a private key. I give you the public key and you
use it to turn your message from text into a bunch of numbers. Everyone (all clients / users) gets the public key, not the private one, only I know the
private key. This is the message that will be sent to me (the server). When I (the server) get the message, I will use the private key to decrypt,
not the public key.

You're misunderstanding what a symmetric key is. Nobody actually uses symmetric keys because that would require that both parties have the private
key, making it insanely easy to hack. (Google it if you don't believe me) This is an implementation detail of how someone decides to set up their
security, but from experience, I can say that this is not the norm and is only common with highly trusted partnerships between parties, not for public
use over the internet.

I think you're confusing one type of encryption with another. Today's norm is mostly based on the RSA model, and most data exchanges are encrypted
using a public and private key based on the RSA model for SSL to encrypt the wire (transport / transmission), along with AES encryption for the inner
contents of the message. It's because of this complexity that they can capture your traffic but can not decrypt it.
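
The exchange argued over in the posts above (a fresh symmetric session key wrapped with the server's public key, then used for the message body), as an added example that is not part of the original thread. It is a teaching model: textbook RSA over two small constructed primes and a SHA-256 keystream standing in for AES; every function name here is hypothetical.

```python
import hashlib
import secrets

# Constructed toy parameters: two Mersenne primes, far too small for real use.
P, Q = 2**89 - 1, 2**107 - 1
E = 65537


def make_server_keypair():
    """Return (public, private) textbook-RSA keys held by the server."""
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, never sent
    return (n, E), (n, d)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Symmetric step: XOR data with SHA-256(key || counter) blocks.
    Stand-in for AES; the same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def client_send(public, plaintext: bytes) -> dict:
    """Client: pick a fresh session key and wrap it with the public key."""
    n, e = public
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    # Only these two values cross the wire; the client then drops session_key.
    return {"wrapped_key": wrapped,
            "ciphertext": keystream_xor(session_key, plaintext)}


def decrypt_with_private(private, wire: dict) -> bytes:
    """Server (or anyone holding the private key): unwrap, then decrypt."""
    n, d = private
    session_key = pow(wire["wrapped_key"], d, n).to_bytes(16, "big")
    return keystream_xor(session_key, wire["ciphertext"])


def passive_guess(wire: dict, guess_key: bytes) -> bytes:
    """A recorder without the private key can only guess session keys."""
    return keystream_xor(guess_key, wire["ciphertext"])


def demo():
    public, private = make_server_keypair()
    message = b"constructed sample message"
    recorded = dict(client_send(public, message))  # copy taken off the wire
    later = decrypt_with_private(private, recorded)  # private key used later
    wrong = passive_guess(recorded, bytes(16))       # no private key
    return message, recorded, later, wrong


if __name__ == "__main__":
    message, recorded, later, wrong = demo()
    print("recovered with private key:", later == message)
    print("recovered by guessing key :", wrong == message)
```

Because the wrapped key travels with the session, discarding the session key at both endpoints does not protect a recorded session once the server's private key is disclosed; ephemeral Diffie-Hellman key exchange is the usual way to avoid that.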

In some optimization problems, the D-Wave handily beat the test PC—finding solutions up to 3,600 times faster. But unless the problem is
specially tailored to fit the quantum computer, it has to be translated. The D-Wave performed on par with the classical computer when working on
problems in need of translation.

There are still doubts that the system actually makes use of true quantum effects. It's been hotly disputed even though it is gaining more support. It
will still be quite some time before it's efficient enough to deal with strong encryption, but it will happen.

Gave you a star, but you seem to miss my point entirely. I need to work on my communications skills :-( I'm trying to say that this is stuff they
openly publish. I still maintain that the NSA/CSS (not FBI) has capabilities that are at least 20 years ahead of what we currently know exists.

Do you think that current encryption algorithms can be hacked given quantum computation paired with advanced AI are a reality? I think the answer is
obvious ...

PS: When they go to court they need old fashioned proof that is admissible and they don't want to tip their hand re advanced capabilities.

I'd be interested in hearing where you think my technical points were misleading, I might be able to clarify or correct if I didn't convey them
properly, it definitely isn't from a lack of knowledge or understanding; sometimes it's just difficult to explain it in a non-technical way.

What I (and Mike.Ockizard) seemed to think you were saying was that a warrant somehow gave the FBI or NSA the ability to suddenly decrypt your
encrypted traffic. You explained in a rebuttal post. I concur with what you said in the rebuttal. The problem is the limits of understanding of the
subject matter and the implied meaning when typing up posts. You type one thing and someone reads it differently. The whole subject is complex and
explaining every nuance is difficult. I think we're on the same page now as far as encryption goes.

Now, the other point where we disagree, you continue to think that the NSA or whomever is still storing all the data through these traps using Narus.
Let me throw this quote at you.

Instead of grabbing everything that passes, the ITA watches for anomalies in traffic and aggregates packets into two kinds of "vectors" for each
session: a human-readable transcript of all the packets in a particular connection, and an aggregation of all the application data that was sent in
that session.

“Typically with a 10 gigabit Ethernet interface, we would see a throughput rate of up to 12 gigabits per second with everything turned on. So out of
the possible 20 gigabits, we see about 12. If we turn off tag pairs that we’re not interested in, we can make it more efficient."

Where we seem to differ is the amount of storage possible. There is simply no way the NSA, or anyone for that matter, can capture to storage ALL data
flowing over these cables.

Here is another quote in the Arstechnica article:

Considering that, according to Cisco, the total world Internet traffic for 2012 was 1.1 exabytes per day, it is physically impossible, let alone
practical, for the NSA to capture and retain even a fraction of the world's Internet traffic on a daily basis.

Now, I know this references world wide internet traffic but let's agree that all US data traffic still greatly exceeds any method of storage. The
Narus units look for specific data and they capture interesting traffic BUT only interesting traffic.

Further, I watched the C-Span coverage with the FBI and NSA. I humbly suggest, any interested readers watch this.
C-SPAN NSA coverage

At the end, several Representatives flatly ask pointed questions that are being debated here on AboveTopSecret. They flatly deny what many posts are
suggesting. They are under oath and before Congress. I watched it and I believe these guys are on the level. I know this is a conspiracy site and many
will flatly deny what they are saying, but I think it behooves all of us to watch it.

This testimony directly refutes that all US domestic data traffic is being monitored and stored. I work in the field, I humbly suggest that the amount
of US data traffic could simply not be stored. Now, given that, we need to understand the devil is in the details. But it still seems they need
warrants to store US data.

My understanding is that it's like a web-bot service which analyzes every piece of data and shows what is most relevant and pressing. They have access
to it all but only investigate things which would jeopardize national security, whilst other low-priority threats are handled in other ways. As for
the rest of the data, it's probably accumulating somewhere until they develop a program sophisticated enough that can analyze it all. At which point
every single person in the world will be categorized in a database with every known piece of information. That's assuming they haven't done this
already.

It's not just invasion of privacy but a form of control, which if left unchecked will lead to greater levels of control and manipulation. It extends
beyond personal privacy because you have to consider company secrets, the advantages of knowing stock market changes before they happen, being able to
steal technological inventions from other companies and much more. Don't forget that as technology progresses it will only become more sophisticated
and one day we could be faced with mind reading and mind control in the hands of the NSA.

As far as I know, PGP can only be broken by brute force (which can take the best tech we've got years to achieve) and the guy who invented it met
with a strange end…… There is no breaking this form of encryption without the receiver's private key.

He is partially correct. Any traffic that is not explicitly encrypted is fair game and can be inspected or listened in on in a real-time fashion. So
they do not need warrants for that. But let's say the only non-secure data you send over the Internet is text messages from your phone? (not
encrypted) They can listen to those, and if one of those messages has the right words in it, it will get "flagged". Next, they start focusing on all
of your Internet traffic and find that you are doing all email and everything else with SSL encrypted traffic. They can't just decrypt it, but
sometimes they can, it depends on the level of encryption. But in most cases, it will take them too long, so they just get the warrant and ask the
company that you're using for your email to decrypt it for them and provide them the unencrypted data.

~Namaste

About the encryption, bear with me - not even close to my field: I seem to recall - in the 90s sometime - a huge flap over PGP or Pretty Good
Protection or some such. The flap was that the encryption was so good the government couldn't break it and was, well, pissed because they didn't
have a Master Code so to speak. My memory is that the case with encryption schemes up to that point had provided the government with such a Master
Key. Does this ring any bells?

I get the 'no access' to proprietary servers - just a split of data stream. Check. But they still are in possession of the entire data stream - not
only the government but private contractors with allegiance to their company not the constitution - I digress.....

Originally posted by WaterBottle
Then why even bother getting a warrant....

Because when you issue a warrant for a wire-tap and it goes public, they can say legal procedures were being followed leaving people who don't know
how big this is to feel all warm and fuzzy inside. (safe) which in turn doesn't raise a lot of questions and their secret programs remain secret.

They could easily wire-tap without a warrant and when they find info on someone they can always bring it to a judge and make it official... then claim
the data they found was obtained legally. leaves a lot of loopholes and the secrecy behind it definitely leaves windows open for corruption and misuse
of this tech.

But can you or anybody else give a single good reason why they would do all this on somebody suspected of being innocent?

The point still stands, why would they waste time, money & resources spying on people for no good reason, but nobody has explained this madness to make
any sense for their speculations, and nobody has a better alternative & solution to these programs, I think it's a no-brainer that these programs
are here to stay unless we end up back in the dark ages.

It's not just invasion of privacy but a form of control, which if left unchecked will lead to greater levels of control and manipulation.

How can any government/country function without control?

How can civilization continue without organisation & control?

Places where there is lack of rules, order and control in the world, are called 3rd worlds & failed states if this is for you then fine, if not,
perhaps you should consider living on a desert island away from civilization

You want the short, to-the-point, explanation of why the NSA & counter-intel spooks in the military signal corps call the system 'PRISM'?

it is because of what a Prism does.... it takes an input source of sunlight (info/data) and breaks the beam (info) down into its separate
components...

recall the colors alerts used to alert the public of just what stage of readiness we need to be in with regards to terror threats...

this works the same way.... info is collected then compiled into groups of individuals

(ROY G BIV) are the categories of interest which every person living in the USA is being lumped into

the R people, in the 'Red danger' class have very dangerous affiliations & contacts, also they will fall into the broad-spectrum warrant of
getting hacked and taped conversations made for further analysis by agent-analysts in NSA etc

the V people, in the docile 'Violet' class are not worth investigating any further

so "Prism" stands for 7 levels of interest in all your communications and emails & lifestyle choices

the first three which correspond to the colors of light that separate by using a Prism are the 'Persons-of-interest' and would likely not get shipped
to a FEMA Re-education camp in the future... they should get erased instead

i am trying my best to get myself classified as an I (indigo) or V (violet) class person on the anti-govt scale of potential
anarchists/revolutionaries under the PRISM protocols

there's no use trying to spell it out any clearer... the OP made a good but ill fated attempt ... it was too convoluted for government policy,
platforms, protocols...

But can you or anybody else give a single good reason why they would do all this on somebody suspected of being innocent?

The point still stands, why would they waste time, money & resources spying on people for no good reason, but nobody has explained this madness to make
any sense for their speculations, and nobody has a better alternative & solution to these programs, I think it's a no-brainer that these programs
are here to stay unless we end up back in the dark ages.

The problem is when They have a pretty different idea about what "innocent" means than ordinary citizens do. Witness China.

Already the idea of a secret court whose decisions are secret and can't be challenged as a "check" to control a secret program whose magnitude and
scope can't be discussed sounds, quite literally, like something one would read about in a bitterly sarcastic book by Solzhenitsyn.
